Ports and Firewall Access

If you need to change the ports, contact Geocortex Support for help (https://support.geocortex.com/).

By default, Geocortex Core's services use the TCP network ports listed in the table below. These ports must not be used by any other application on the server, or restricted in any way.

Do not expose any ports other than 80 and 443 to the Internet. Ports reserved for Core are only used internally.

Default TCP Network Ports to Reserve for Geocortex Core

Geocortex Core Service

Ports

Geocortex Core (Internet)

80

Document Store Role and Elasticsearch/Clustering

19201 and 19300

Discovery Role (Installation)

3702

Printing

4731

Web Service Proxy

10080

 

You can use the information in the table below to recreate a Firewall rule that has been deleted in error:

Rule Name

Program or Port

Scope

Profiles

Geocortex Core Discovery

UDP:3702

Any computer

Domain, Private

Geocortex Core Document Store

TCP:19201

Any computer

Domain, Private

Geocortex Core Document Store

TCP:19300

Any computer

Domain, Private

Geocortex Core Web Service Proxy

TCP:10080

Any computer

Domain, Private

If your cluster is on a network that is configured to use a public profile, you need to set the above firewall rules to use a public profile as well.

Firewall Rules

Geocortex Core, on which Analytics relies for many of its functions, requires access through the firewall. By default, Geocortex Core uses Windows Firewall with the inbound rules shown in the screen capture below. The rules that Geocortex Core needs are created automatically during installation—you do not need to do any firewall configuration if you use the default setup.

If you plan to collect data from one or more remote servers, additional firewall rules must be enabled. See Configure Access to Remote Servers in theGeocortex Analytics 1.4.x for instructions.

Inbound firewall rules required by Geocortex Core and Analytics

If you use a firewall other than Windows Firewall, you must configure the firewall with inbound rules similar to the ones shown in the screen capture. Each rule allows access to one program that Geocortex Core uses.

The programs that Geocortex Core uses are in the Geocortex Core folder. To save space, the path to the Geocortex Core folder is omitted from the screen capture. If Geocortex Core is installed in the default location, the folder is here:

C:\Program Files\Latitude Geographics\Geocortex Core\

To see all the rules, view them in Windows Firewall.

To view Windows Firewall's inbound rules:

  1. Open Windows Control Panel.

  2. Click Windows Firewall.

  3. In the side panel, click Advanced settings.

  4. In the side panel, click Inbound Rules.

DMZ Settings for Core Firewall Rules

For some deployment scenarios of Analytics when you have a demilitarized zone (DMZ) in your network, you need to enable the Geocortex Core rules to use Public Profiles. These rules must be changed on the server that is in the DMZ.

To enable Core rules to use public profiles:

  1. On the Analytics Hub server, from the Start menu, open Windows Control Panel.

  2. Click Windows Firewall.

  3. In the left side panel, click Advanced Settings.

  4. In the Windows Firewall with Advanced Security window, click Inbound Rules in the left panel.

  5. In the Inbound Rules center panel, locate the Geocortex Core rules.

  6. Right-click a Geocortex Core rule and select Properties.

  7. In the Geocortex Core Discovery Properties window, select the Advanced tab, and then in the Profiles areas, click the Public checkbox.

  8. Click Apply, and then click OK.

  9. Repeat this process for all the other Geocortex Core rules.

  10. Close Windows Firewall with Advanced Security.

See also...

Deploy Analytics with a DMZ

© 2018 Latitude Geographics Group Ltd. All Rights Reserved.

Documentation Version 1.4